key

package
Published: Mar 26, 2025 License: MIT Imports: 14 Imported by: 1


Constants

This section is empty.

Variables

// Primary-key templates for hierarchy keys (see CreateHierarchyKey).
//
// Both templates describe a key the TPM generates itself (SensitiveDataOrigin)
// that can neither be duplicated out of the TPM (FixedTPM) nor re-parented
// (FixedParent). SignEncrypt and Decrypt are both set while Restricted is left
// unset, so this is a general-purpose key, not a restricted storage parent.
// The USER role is satisfied either by the object's authValue (UserWithAuth)
// or by a policy session whose digest equals AuthPolicy; AdminWithPolicy is
// false, so the ADMIN role does not require a policy. NoDA is not set, so
// failed authValue attempts count toward the TPM's dictionary-attack lockout.
//
// A primary key is derived from the hierarchy seed and the whole template, so
// every byte here — the shared AuthPolicy digest and the empty Unique buffers
// included — determines which key is produced; any change yields a different
// key and a different Name. NOTE(review): the digest looks like the SHA-256
// "PolicyB" value from the TCG EK Credential Profile, and the H-9/H-10
// suffixes presumably follow that profile's template numbering — confirm
// against the spec before relying on either reading.
var (
	// RSASRK_H9_Template is the RSA 2048 variant. Scheme is TPMAlgNull, so the
	// signature/decryption scheme is supplied per operation instead of being
	// fixed in the key.
	RSASRK_H9_Template = tpm2.TPMTPublic{
		Type:    tpm2.TPMAlgRSA,
		NameAlg: tpm2.TPMAlgSHA256,
		AuthPolicy: tpm2.TPM2BDigest{
			Buffer: []byte{
				0xca, 0x3d, 0x0a, 0x99, 0xa2, 0xb9, 0x39, 0x06,
				0xf7, 0xa3, 0x34, 0x24, 0x14, 0xef, 0xcf, 0xb3,
				0xa3, 0x85, 0xd4, 0x4c, 0xd1, 0xfd, 0x45, 0x90,
				0x89, 0xd1, 0x9b, 0x50, 0x71, 0xc0, 0xb7, 0xa0,
			},
		},
		ObjectAttributes: tpm2.TPMAObject{
			SensitiveDataOrigin: true,
			FixedTPM:            true,
			FixedParent:         true,
			Decrypt:             true,
			SignEncrypt:         true,
			UserWithAuth:        true,
			AdminWithPolicy:     false,
		},
		// Left empty: for a primary object the template's Unique is an input
		// to key derivation, and the created object's public area carries the
		// actual public key.
		Unique: tpm2.NewTPMUPublicID(
			tpm2.TPMAlgRSA,
			&tpm2.TPM2BPublicKeyRSA{Buffer: []byte{}},
		),
		Parameters: tpm2.NewTPMUPublicParms(
			tpm2.TPMAlgRSA,
			&tpm2.TPMSRSAParms{
				KeyBits: 2048,
				Scheme:  tpm2.TPMTRSAScheme{Scheme: tpm2.TPMAlgNull},
			},
		),
	}

	// ECCSRK_H10_Template is the ECC NIST P-256 variant of the same template;
	// attributes and AuthPolicy are identical to RSASRK_H9_Template.
	ECCSRK_H10_Template = tpm2.TPMTPublic{
		Type:    tpm2.TPMAlgECC,
		NameAlg: tpm2.TPMAlgSHA256,
		AuthPolicy: tpm2.TPM2BDigest{
			Buffer: []byte{
				0xca, 0x3d, 0x0a, 0x99, 0xa2, 0xb9, 0x39, 0x06,
				0xf7, 0xa3, 0x34, 0x24, 0x14, 0xef, 0xcf, 0xb3,
				0xa3, 0x85, 0xd4, 0x4c, 0xd1, 0xfd, 0x45, 0x90,
				0x89, 0xd1, 0x9b, 0x50, 0x71, 0xc0, 0xb7, 0xa0,
			},
		},
		ObjectAttributes: tpm2.TPMAObject{
			SensitiveDataOrigin: true,
			FixedTPM:            true,
			FixedParent:         true,
			Decrypt:             true,
			SignEncrypt:         true,
			UserWithAuth:        true,
			AdminWithPolicy:     false,
		},
		// Left empty, as for the RSA template; the TPM returns the real point.
		Unique: tpm2.NewTPMUPublicID(
			tpm2.TPMAlgECC,
			&tpm2.TPMSECCPoint{
				X: tpm2.TPM2BECCParameter{Buffer: []byte{}},
				Y: tpm2.TPM2BECCParameter{Buffer: []byte{}},
			},
		),
		Parameters: tpm2.NewTPMUPublicParms(
			tpm2.TPMAlgECC,
			&tpm2.TPMSECCParms{
				CurveID: tpm2.TPMECCNistP256,
				Scheme:  tpm2.TPMTECCScheme{Scheme: tpm2.TPMAlgNull},
			},
		),
	}
)
// ErrOldKey signals that a key uses an old format (message: "old format on
// key"). It is a sentinel; callers should test for it with errors.Is rather
// than comparing message text.
var ErrOldKey = errors.New("old format on key")

Functions

This section is empty.

Types

type HierSSHTPMKey added in v0.8.0

// HierSSHTPMKey is an SSHTPMKey created under a TPM hierarchy handle by
// CreateHierarchyKey (which takes the hierarchy, a key type and a
// description). It embeds *SSHTPMKey and defines its own Sign, Signer and
// FlushHandle, each taking the TPM transport explicitly. Any further fields
// are elided by the documentation renderer.
type HierSSHTPMKey struct {
	*SSHTPMKey
	// contains filtered or unexported fields
}

func CreateHierarchyKey added in v0.8.0

func CreateHierarchyKey(tpm transport.TPMCloser, keytype tpm2.TPMAlgID, hier tpm2.TPMHandle, desc string) (*HierSSHTPMKey, error)

func (*HierSSHTPMKey) FlushHandle added in v0.8.0

func (h *HierSSHTPMKey) FlushHandle(tpm transport.TPMCloser)

func (*HierSSHTPMKey) Sign added in v0.8.0

func (h *HierSSHTPMKey) Sign(tpm transport.TPMCloser, _, auth, digest []byte, digestalgo tpm2.TPMAlgID) ([]byte, error)

func (*HierSSHTPMKey) Signer added in v0.8.0

func (h *HierSSHTPMKey) Signer(keyring *keyring.ThreadKeyring, ownerAuth func() ([]byte, error), tpm func() transport.TPMCloser, auth func(*keyfile.TPMKey) ([]byte, error)) *SSHKeySigner

type SSHKeySigner added in v0.8.0

// SSHKeySigner is a thin shim over *keyfile.TPMKeySigner that keeps a handle
// on the SSHTPMKey so the user auth can be changed for caching. Build it with
// NewSSHKeySigner, which also takes the keyring and the owner/key auth
// callbacks; Sign has the crypto.Signer method signature. Any further fields
// are elided by the documentation renderer.
type SSHKeySigner struct {
	*keyfile.TPMKeySigner
	// contains filtered or unexported fields
}

Shim for keyfile.TPMKeySigner. We need access to the SSHTPMKey to change the user auth for caching.

func NewSSHKeySigner added in v0.8.0

func NewSSHKeySigner(k SSHTPMKeys, keyring *keyring.ThreadKeyring, ownerAuth func() ([]byte, error), tpm func() transport.TPMCloser, auth func(*keyfile.TPMKey) ([]byte, error)) *SSHKeySigner

func (*SSHKeySigner) Sign added in v0.8.0

func (t *SSHKeySigner) Sign(r io.Reader, digest []byte, opts crypto.SignerOpts) ([]byte, error)

type SSHTPMKey added in v0.5.0

// SSHTPMKey wraps a *keyfile.TPMKey with the ssh.PublicKey-specific parts.
// AuthorizedKey, Fingerprint and AgentKey expose the key in SSH formats, and
// Signer builds an SSHKeySigner from the supplied auth callbacks.
type SSHTPMKey struct {
	*keyfile.TPMKey
	// NOTE(review): this is a pointer to the ssh.PublicKey interface, not the
	// interface value itself — callers must dereference it.
	PublicKey *ssh.PublicKey
	// Certificate is presumably nil when no SSH certificate is attached —
	// confirm against Decode.
	Certificate *ssh.Certificate
}

SSHTPMKey is a wrapper for TPMKey that implements the ssh.PublicKey-specific parts.

func Decode added in v0.5.0

func Decode(b []byte) (*SSHTPMKey, error)

func NewImportedSSHTPMKey added in v0.5.0

func NewImportedSSHTPMKey(tpm transport.TPMCloser, pk any, ownerauth []byte, fn ...keyfile.TPMKeyOption) (*SSHTPMKey, error)

This assumes we are only handed a local PK.

func NewSSHTPMKey added in v0.5.0

func NewSSHTPMKey(tpm transport.TPMCloser, alg tpm2.TPMAlgID, bits int, ownerauth []byte, fn ...keyfile.TPMKeyOption) (*SSHTPMKey, error)

func WrapTPMKey added in v0.8.0

func WrapTPMKey(k *keyfile.TPMKey) (*SSHTPMKey, error)

func (*SSHTPMKey) AgentKey added in v0.8.0

func (k *SSHTPMKey) AgentKey() *agent.Key

func (*SSHTPMKey) AuthorizedKey added in v0.5.0

func (k *SSHTPMKey) AuthorizedKey() []byte

func (*SSHTPMKey) Fingerprint added in v0.5.0

func (k *SSHTPMKey) Fingerprint() string

func (*SSHTPMKey) GetDescription added in v0.8.0

func (k *SSHTPMKey) GetDescription() string

func (*SSHTPMKey) GetTPMKey added in v0.8.0

func (k *SSHTPMKey) GetTPMKey() *keyfile.TPMKey

func (*SSHTPMKey) Signer added in v0.8.0

func (k *SSHTPMKey) Signer(keyring *keyring.ThreadKeyring, ownerAuth func() ([]byte, error), tpm func() transport.TPMCloser, auth func(*keyfile.TPMKey) ([]byte, error)) *SSHKeySigner

type SSHTPMKeys added in v0.8.0

// SSHTPMKeys is the method set NewSSHKeySigner accepts. Both *SSHTPMKey and
// *HierSSHTPMKey satisfy it: the latter through its embedded *SSHTPMKey plus
// its own Signer.
type SSHTPMKeys interface {
	// Signer builds an SSHKeySigner from the keyring and the owner-auth,
	// TPM-transport and key-auth callbacks.
	Signer(*keyring.ThreadKeyring, func() ([]byte, error), func() transport.TPMCloser, func(*keyfile.TPMKey) ([]byte, error)) *SSHKeySigner
	GetDescription() string
	Fingerprint() string
	// AuthorizedKey and AgentKey return the key in SSH formats; GetTPMKey
	// returns the underlying keyfile.TPMKey.
	AuthorizedKey() []byte
	AgentKey() *agent.Key
	GetTPMKey() *keyfile.TPMKey
}
